<!DOCTYPE html>
<html>
  <head>
  <meta http-equiv="content-type" content="text/html; charset=utf-8">
  <meta content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0" name="viewport">
  <meta name="description" content="和你分享有用和有趣的知识">
  <meta name="keyword" content="hexo-theme, vuejs">
  
    <link rel="shortcut icon" href="/css/images/logo.png">
  
  <title>
    
      你的Tomcat可能并不安全，原因居然是 | 小迅的神奇海螺
    
  </title>
  <link href="//cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css" rel="stylesheet">
  <link href="//cdnjs.cloudflare.com/ajax/libs/nprogress/0.2.0/nprogress.min.css" rel="stylesheet">
  <link href="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/tomorrow.min.css" rel="stylesheet">
  
<link rel="stylesheet" href="/css/style.css">

  
  <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
  <script src="//cdnjs.cloudflare.com/ajax/libs/geopattern/1.2.3/js/geopattern.min.js"></script>
  <script src="//cdnjs.cloudflare.com/ajax/libs/nprogress/0.2.0/nprogress.min.js"></script>
  
    
<script src="/js/qrious.js"></script>

  
  
  
  
    <!-- MathJax support START -->
    <script type="text/x-mathjax-config">
      MathJax.Hub.Config({
        tex2jax: {
          inlineMath: [ ['$','$'], ["\\(","\\)"]  ],
          processEscapes: true,
          skipTags: ['script', 'noscript', 'style', 'textarea', 'pre', 'code']
        }
      });
    </script>

    <script type="text/x-mathjax-config">
      MathJax.Hub.Queue(function() {
        var all = MathJax.Hub.getAllJax(), i;
        for (i=0; i < all.length; i += 1) {
          all[i].SourceElement().parentNode.className += ' has-jax';
        }
      });
    </script>
    <script type="text/javascript" src="//cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.5/MathJax.js?config=TeX-AMS-MML_HTMLorMML"></script>
    <!-- MathJax support END -->
  


  
  
    
<script src="/js/local-search.js"></script>


<meta name="generator" content="Hexo 4.2.1"></head>
<!-- <div class="wechat-share">
  <img src="/css/images/logo.png" />
</div> -->
  <body>
    <header class="header fixed-header">
  <div class="header-container">
    <a class="home-link" href="/">
      <!-- <div class="logo"></div> -->
      <span>小迅的神奇海螺</span>
    </a>
    <ul class="right-list">
      
        <li class="list-item">
          
            <a href="/" class="item-link">Home</a>
          
        </li>
      
        <li class="list-item">
          
            <a href="/tags/" class="item-link">Tags</a>
          
        </li>
      
        <li class="list-item">
          
            <a href="/archives/" class="item-link">Archives</a>
          
        </li>
      
        <li class="list-item">
          
            <a href="/project/" class="item-link">Projects</a>
          
        </li>
      
        <li class="list-item">
          
            <a href="/about/" class="item-link">About</a>
          
        </li>
      
      
        <li class="menu-item menu-item-search right-list">
    <a role="button" class="popup-trigger">
        <i class="fa fa-search fa-fw"></i>
    </a>
</li>
      
    </ul>
    <div class="menu">
      <span class="icon-bar"></span>
      <span class="icon-bar"></span>
      <span class="icon-bar"></span>
    </div>
    <div class="menu-mask">
      <ul class="menu-list">
        
          <li class="menu-item">
            
              <a href="/" class="menu-link">Home</a>
            
          </li>
        
          <li class="menu-item">
            
              <a href="/tags/" class="menu-link">Tags</a>
            
          </li>
        
          <li class="menu-item">
            
              <a href="/archives/" class="menu-link">Archives</a>
            
          </li>
        
          <li class="menu-item">
            
              <a href="/project/" class="menu-link">Projects</a>
            
          </li>
        
          <li class="menu-item">
            
              <a href="/about/" class="menu-link">About</a>
            
          </li>
        
      </ul>
    </div>
    
      <div class="search-pop-overlay">
    <div class="popup search-popup">
        <div class="search-header">
            <span class="search-icon">
                <i class="fa fa-search"></i>
            </span>
            <div class="search-input-container">
                <input autocomplete="off" autocapitalize="off"
                    placeholder="Please enter your keyword(s) to search." spellcheck="false"
                    type="search" class="search-input">
            </div>
            <span class="popup-btn-close">
                <i class="fa fa-times-circle"></i>
            </span>
        </div>
        <div id="search-result">
            <div id="no-result">
                <i class="fa fa-spinner fa-pulse fa-5x fa-fw"></i>
            </div>
        </div>
    </div>
</div>
    
  </div>
</header>

    <div id="article-banner">
  <h2>你的Tomcat可能并不安全，原因居然是</h2>
  <p class="post-date">2021-08-02</p>
  <div class="arrow-down">
    <a href="javascript:;"></a>
  </div>
</div>
<main class="app-body flex-box">
  <!-- Article START -->
  <article class="post-article">
    <section class="markdown-content"><h1 id="背景"><a href="#背景" class="headerlink" title="背景"></a>背景</h1><p>小迅之前部署了一个Tomcat应用，渗透测试不通过，在此记录一下风险内容以及解决方案</p>
<h1 id="测试结果"><a href="#测试结果" class="headerlink" title="测试结果"></a>测试结果</h1><table>
<thead>
<tr>
<th align="center">风险说明</th>
<th align="center">风险程度</th>
</tr>
</thead>
<tbody><tr>
<td align="center">中间件版本泄露</td>
<td align="center">低</td>
</tr>
<tr>
<td align="center">Tomcat样例目录泄漏</td>
<td align="center">低</td>
</tr>
</tbody></table>
<h1 id="测试详情"><a href="#测试详情" class="headerlink" title="测试详情"></a>测试详情</h1><table>
<thead>
<tr>
<th align="center">风险名称</th>
<th align="left">风险描述</th>
<th align="left">修改建议</th>
</tr>
</thead>
<tbody><tr>
<td align="center">中间件版本泄露</td>
<td align="left">404页面返回信息中包含中间件版本信息，攻击者会根据版本进行针对性攻击</td>
<td align="left">去掉返回信息中中间件版本信息</td>
</tr>
<tr>
<td align="center">Tomcat样例目录泄漏</td>
<td align="left">Apache Tomcat默认安装包含<code>/examples</code>目录，且未做权限控制。其中session样例允许用户对session进行操纵</td>
<td align="left">建议禁止访问或者讲默认WEB跟目录下的examples和docs目录及其下的所有文件都删除，以免造成不必要的信息泄露或其他漏洞</td>
</tr>
</tbody></table>
<h1 id="修改过程"><a href="#修改过程" class="headerlink" title="修改过程"></a>修改过程</h1><h2 id="一、中间件版本泄露"><a href="#一、中间件版本泄露" class="headerlink" title="一、中间件版本泄露"></a>一、中间件版本泄露</h2><p>目前流行的有两种方案</p>
<ul>
<li>自定义404页面</li>
<li>修改Tomcat配置，隐藏版本信息<h3 id="1-自定义404页面方案"><a href="#1-自定义404页面方案" class="headerlink" title="1. 自定义404页面方案"></a>1. 自定义404页面方案</h3>tomcat /conf/web.xml 添加<figure class="highlight xml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br></pre></td><td class="code"><pre><span class="line"><span class="tag">&lt;<span class="name">web-app</span>&gt;</span></span><br><span class="line">	...</span><br><span class="line">	<span class="comment">&lt;!-- 400错误 --&gt;</span></span><br><span class="line">	<span class="tag">&lt;<span class="name">error-page</span>&gt;</span></span><br><span class="line">		<span class="tag">&lt;<span class="name">error-code</span>&gt;</span>400<span class="tag">&lt;/<span class="name">error-code</span>&gt;</span></span><br><span class="line">		<span class="tag">&lt;<span class="name">location</span>&gt;</span>/error.jsp<span class="tag">&lt;/<span class="name">location</span>&gt;</span></span><br><span class="line">	<span class="tag">&lt;/<span class="name">error-page</span>&gt;</span></span><br><span class="line">	<span class="comment">&lt;!-- 404 页面不存在错误 --&gt;</span></span><br><span class="line">	<span class="tag">&lt;<span class="name">error-page</span>&gt;</span></span><br><span class="line">		<span class="tag">&lt;<span class="name">error-code</span>&gt;</span>404<span class="tag">&lt;/<span class="name">error-code</span>&gt;</span></span><br><span class="line">		<span class="tag">&lt;<span class="name">location</span>&gt;</span>/error.jsp<span class="tag">&lt;/<span class="name">location</span>&gt;</span></span><br><span class="line">	<span class="tag">&lt;/<span class="name">error-page</span>&gt;</span></span><br><span class="line">	<span class="comment">&lt;!-- 500 服务器内部错误 --&gt;</span></span><br><span class="line">	<span class="tag">&lt;<span class="name">error-page</span>&gt;</span></span><br><span class="line">		<span class="tag">&lt;<span class="name">error-code</span>&gt;</span>500<span class="tag">&lt;/<span class="name">error-code</span>&gt;</span></span><br><span class="line">		<span class="tag">&lt;<span class="name">location</span>&gt;</span>/error.jsp<span class="tag">&lt;/<span class="name">location</span>&gt;</span></span><br><span class="line">	<span class="tag">&lt;/<span class="name">error-page</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">web-app</span>&gt;</span></span><br></pre></td></tr></table></figure>
简而言之就是把内置的报错页面给替换了</li>
<li>优点：改动小，容易实施</li>
<li>缺点：自定义报错页面，容易引入其他bug，且没有涵盖所有的error-code，不具有普适性</li>
</ul>
<h3 id="2-修改Tomcat配置，隐藏版本信息"><a href="#2-修改Tomcat配置，隐藏版本信息" class="headerlink" title="2. 修改Tomcat配置，隐藏版本信息"></a>2. 修改Tomcat配置，隐藏版本信息</h3><p>重打包 Tomcat lib 目录下的 catalina.jar 文件</p>
<ol>
<li>进入tomcat下的lib目录</li>
<li>预览catalina.jar</li>
<li>进入<code>\org\apache\catalina\util</code>目录下，修改<code>ServerInfo.properties</code>文件</li>
<li>注释后3行</li>
</ol>
<p><img src="https://i.loli.net/2021/08/02/69yvHgFlezXYdGs.png" alt="修改文件内容"></p>
<p>修改之后，可以直接保存关闭，压缩软件会重新打包jar文件</p>
<p><img src="https://i.loli.net/2021/08/02/lFjWUbOKvzPg1eJ.png" alt="直接保存">  </p>
<ul>
<li>优点：从根源上解决问题，对此服务器下的所有网站都生效</li>
<li>缺点：改动操作比较繁琐，毕竟要修改官方提供的jar包嘛，而且如果中间件有升级，还得再来一遍</li>
</ul>
<h2 id="二、Tomcat样例目录泄漏"><a href="#二、Tomcat样例目录泄漏" class="headerlink" title="二、Tomcat样例目录泄漏"></a>二、Tomcat样例目录泄漏</h2><p>直接删除<code>webapps</code>下的<code>examples</code>和<code>docs</code>等目录，小迅进行操作之后，只留下了ROOT和应用目录，亲测不影响应用运行</p>
<h1 id="总结"><a href="#总结" class="headerlink" title="总结"></a>总结</h1><ul>
<li>安全意识很重要，稳定为先，不管是开发还是运维，要时刻把安全放在第一位</li>
<li>直接把应用端口暴露出来，虽然比直接暴露主机好，但也存在中间件方面的安全隐患。当你需要在公网暴露东西的时候，记得加上路径控制</li>
<li>不要畏惧各种测试，尤其要多看专业的测试报告，在加固应用程序的同时，眼界和技能也在不知不觉中增加了</li>
</ul>
<h1 id="参考资料"><a href="#参考资料" class="headerlink" title="参考资料"></a>参考资料</h1><p><a href="https://blog.csdn.net/ClearLoveQ/article/details/90209920" target="_blank" rel="noopener">Tomcat和Nginx版本信息泄露问题_ClearLoveQ的博客-CSDN博客_nginx版本信息泄露</a><br><a href="https://support.i-search.com.cn/article/1595412294560" target="_blank" rel="noopener">Tomcat 版本信息泄露漏洞 修复方案-艺赛旗社区 (i-search.com.cn)</a></p>
</section>
    <!-- Tags START -->
    
      <div class="tags">
        <span>Tags:</span>
        
  <a href="/tags#运维" >
    <span class="tag-code">运维</span>
  </a>

  <a href="/tags#错题集" >
    <span class="tag-code">错题集</span>
  </a>

      </div>
    
    <!-- Tags END -->
    <!-- NAV START -->
    
  <div class="nav-container">
    <!-- reverse left and right to put prev and next in a more logic postition -->
    
      <a class="nav-left" href="/2021/08/02/sign-up-ps5-beta-program-in-china/">
        <span class="nav-arrow">← </span>
        
          国内如何注册PS5系统软件测试计划
        
      </a>
    
    
      <a class="nav-right" href="/2021/08/12/linux-command-netstat/">
        
          netstat命令详解
        
        <span class="nav-arrow"> →</span>
      </a>
    
  </div>

    <!-- NAV END -->
    <!-- 打赏 START -->
    
      <div class="money-like">
        <div class="reward-btn">
          赏
          <span class="money-code">
            <span class="alipay-code">
              <div class="code-image"></div>
              <b>使用支付宝打赏</b>
            </span>
            <span class="wechat-code">
              <div class="code-image"></div>
              <b>使用微信打赏</b>
            </span>
          </span>
        </div>
        <p class="notice">若你觉得我的文章对你有帮助，欢迎点击上方按钮对我打赏</p>
      </div>
    
    <!-- 打赏 END -->
    <!-- 二维码 START -->
    
      <div class="qrcode">
        <canvas id="share-qrcode"></canvas>
        <p class="notice">扫描二维码，分享此文章</p>
      </div>
    
    <!-- 二维码 END -->
    
      <!-- Utterances START -->
      <div id="utterances"></div>
      <script src="https://utteranc.es/client.js"
        repo="7YHong/7YHong.github.io"
        issue-term="pathname"
        theme="github-light"
        crossorigin="anonymous"
        async></script>    
      <!-- Utterances END -->
    
  </article>
  <!-- Article END -->
  <!-- Catalog START -->
  
    <aside class="catalog-container">
  <div class="toc-main">
    <strong class="toc-title">Catalog</strong>
    
      <ol class="toc-nav"><li class="toc-nav-item toc-nav-level-1"><a class="toc-nav-link" href="#背景"><span class="toc-nav-text">背景</span></a></li><li class="toc-nav-item toc-nav-level-1"><a class="toc-nav-link" href="#测试结果"><span class="toc-nav-text">测试结果</span></a></li><li class="toc-nav-item toc-nav-level-1"><a class="toc-nav-link" href="#测试详情"><span class="toc-nav-text">测试详情</span></a></li><li class="toc-nav-item toc-nav-level-1"><a class="toc-nav-link" href="#修改过程"><span class="toc-nav-text">修改过程</span></a><ol class="toc-nav-child"><li class="toc-nav-item toc-nav-level-2"><a class="toc-nav-link" href="#一、中间件版本泄露"><span class="toc-nav-text">一、中间件版本泄露</span></a><ol class="toc-nav-child"><li class="toc-nav-item toc-nav-level-3"><a class="toc-nav-link" href="#1-自定义404页面方案"><span class="toc-nav-text">1. 自定义404页面方案</span></a></li><li class="toc-nav-item toc-nav-level-3"><a class="toc-nav-link" href="#2-修改Tomcat配置，隐藏版本信息"><span class="toc-nav-text">2. 修改Tomcat配置，隐藏版本信息</span></a></li></ol></li><li class="toc-nav-item toc-nav-level-2"><a class="toc-nav-link" href="#二、Tomcat样例目录泄漏"><span class="toc-nav-text">二、Tomcat样例目录泄漏</span></a></li></ol></li><li class="toc-nav-item toc-nav-level-1"><a class="toc-nav-link" href="#总结"><span class="toc-nav-text">总结</span></a></li><li class="toc-nav-item toc-nav-level-1"><a class="toc-nav-link" href="#参考资料"><span class="toc-nav-text">参考资料</span></a></li></ol>
    
  </div>
</aside>
  
  <!-- Catalog END -->
</main>

<script>
  (function () {
    var url = 'http://yoursite.com/2021/08/02/fix-vulnerabilities-in-apache-tomcat/';
    var banner = ''
    if (banner !== '' && banner !== 'undefined' && banner !== 'null') {
      $('#article-banner').css({
        'background-image': 'url(' + banner + ')'
      })
    } else {
      $('#article-banner').geopattern(url)
    }
    $('.header').removeClass('fixed-header')

    // error image
    $(".markdown-content img").on('error', function() {
      $(this).attr('src', '/css/images/error_icon.png')
      $(this).css({
        'cursor': 'default'
      })
    })

    // zoom image
    $(".markdown-content img").on('click', function() {
      var src = $(this).attr('src')
      if (src !== '/css/images/error_icon.png') {
        var imageW = $(this).width()
        var imageH = $(this).height()

        var zoom = ($(window).width() * 0.95 / imageW).toFixed(2)
        zoom = zoom < 1 ? 1 : zoom
        zoom = zoom > 2 ? 2 : zoom
        var transY = (($(window).height() - imageH) / 2).toFixed(2)

        $('body').append('<div class="image-view-wrap"><div class="image-view-inner"><img src="'+ src +'" /></div></div>')
        $('.image-view-wrap').addClass('wrap-active')
        $('.image-view-wrap img').css({
          'width': `${imageW}`,
          'transform': `translate3d(0, ${transY}px, 0) scale3d(${zoom}, ${zoom}, 1)`
        })
        $('html').css('overflow', 'hidden')

        $('.image-view-wrap').on('click', function() {
          $(this).remove()
          $('html').attr('style', '')
        })
      }
    })
  })();
</script>


  <script>
    var qr = new QRious({
      element: document.getElementById('share-qrcode'),
      value: document.location.href
    });
  </script>






    <div class="scroll-top">
  <span class="arrow-icon"></span>
</div>
    <footer class="app-footer">
  <p class="copyright">
    &copy; 2021 | Proudly powered by <a href="https://hexo.io" target="_blank">Hexo</a>
    <br>
    Theme by <a href="https://github.com/yanm1ng" target="_blank" rel="noopener">yanm1ng</a>
  </p>
</footer>

<script>
  function async(u, c) {
    var d = document, t = 'script',
      o = d.createElement(t),
      s = d.getElementsByTagName(t)[0];
    o.src = u;
    if (c) { o.addEventListener('load', function (e) { c(null, e); }, false); }
    s.parentNode.insertBefore(o, s);
  }
</script>
<script>
  async("//cdnjs.cloudflare.com/ajax/libs/fastclick/1.0.6/fastclick.min.js", function(){
    FastClick.attach(document.body);
  })
</script>

<script>
  var hasLine = 'true';
  async("//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/highlight.min.js", function(){
    $('figure pre').each(function(i, block) {
      var figure = $(this).parents('figure');
      if (hasLine === 'false') {
        figure.find('.gutter').hide();
      }
      hljs.configure({useBR: true});
      var lang = figure.attr('class').split(' ')[1] || 'code';
      var codeHtml = $(this).html();
      var codeTag = document.createElement('code');
      codeTag.className = lang;
      codeTag.innerHTML = codeHtml;
      $(this).attr('class', '').empty().html(codeTag);
      figure.attr('data-lang', lang.toUpperCase());
      hljs.highlightBlock(block);
    });
  })
</script>
<!-- Baidu Tongji -->


<script src="/js/script.js"></script>


  </body>
</html>